JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Kiran cheema wrote:Is autocreate enabled? And have you tried enabling the messages in the shlog plugin? (Or checked the log files for messages?)

Hi there Kiran,

Thanks so much for responding - I think I've got it working now.

To answer your questions (though perhaps not relevant any more), 'User Autoregister', which I think is what you were referring to(?) was set to 'Override True'. The 'SHLog - LDAP' plugin was enabled, though I wasn't sure how to retrieve/locate the logs (still not, actually).

As it is, I think I had simply overlooked that the 'Authentication - User Adapter' plugin was disabled. Enabling this seems to have fixed my issue. I don't know how I'd missed that, though it maybe didn't cross my mind because it was happily creating user accounts under HTTP. That, and the fact that there are a number of different Authentication plugins. I think I'd assumed that it was using 'Authentication - Joomla' instead.

Anyway, thanks ever so much for taking the time to respond - it's very much appreciated.

Best wishes.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Oct 03, 2014 8:05 am

by Kiran cheema

ah yeap that would do it!

To access the logs you need to ftp to the /logs folder in your install and have a look in there, there are 3 log files ldap.debug ldap.error and ldap.info

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Oct 03, 2014 2:14 pm

by Hobbes99

Kiran cheema wrote:To access the logs you need to ftp to the /logs folder in your install and have a look in there, there are 3 log files ldap.debug ldap.error and ldap.info

Switching on full PHP LDAP debug (outputs to web server log).
Attempting LDAP connection with [redacted].local:389...
Attempting to find the distinguished name for user [redacted]...
Successfully found distinguished name [redacted].

[10112] An LDAP read operation failed. (32) No such object.

:: PHP LDAP Debug 2.0.1.16 Script Finished ::

Is there a way to identify what object the LDAP read operation is having trouble with?

Thanks for your help,
Ray.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Nov 14, 2014 10:08 am

by sincar

Hi, all! And many thanks in advance for your help!

I've an installation of J!2.5.24 with Shamanic Platform 2.0.1.16 on Ubuntu/LAMP binded to a Windows Server 2008 R2 ActiveDirectory. All is fine with LDAP module, using SSO module, instead, the user is recognized, but Group Mapping doesn't work, I'm always Registered user.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Nov 26, 2014 3:34 am

by djillusions

The JMapMyLdap Module became unresponsive on our site, it would not load or allow us to change any settings. In an attempt to rectify the issue I tried to remove the module and reinstall it however I can now no longer access the front or backend of the site and get the following error:

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

I am trying this on Joomla 3.3.6 and JMAPLDAP (version 2). We have two LDAPs on completely two different hosts/domains (one for students and one for Staff).

When I was doing LDAP proxy bind tests (Test/Debug), both the staff and student accounts are successful.

But on the home page, only students can login and their records are created in Joomla.

When I try to login with Staff account with correct login details I am presented with a Warning message: You cannot access the private section of the site. Also there is no account created in the database.

When I enter wrong password for staff, it says the password is incorrect... which means it is validating against LDAP but some how its not creating the user account for staff.

Can you tell me where I'm going wrong?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Dec 04, 2014 10:56 am

by ares202

Hi, I am hoping you might be able to provide me some assistance in integrating your Joomla LDAP plugin on my Joomla site.

I am attempting to integrate my Active Directory LDAP server with my Joomla 3 site. I want all users on a particular domain to be able to login to the Joomla site, and also be registered on the Joomla frontend when they first login. I have installed shamanic 2 platform and followed the ‘Getting started’ ‘configuring LDAP’ and ‘Configuring SSO’ guides on the shamanic website.

My Joomla site is now able to authenticate via LDAP for users that are already registered into Joomla, and SSO is working perfectly, however for users that aren’t registered I am given the error ‘username or password is incorrect’ and nothing is logged in in the LDAP log on the server with debugging options enabled.

I have configured the setting in shamanic config > base settings > use autoregister as ‘override true’ is that all that is required? or do I need to configure the creation plugin as described here?

Could really use some help to point me in the right direction of what to look at next?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Feb 20, 2015 7:06 pm

by gillecaluim

I'm trying to get the group mapping plugin working. I'm able to authenticate a user against a AD and login but the group mapping plugin only maps AD groups to existing joomla groups. I thought it would create new joomla groups if they didn't exist to completely sync the users group memberships?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Apr 21, 2015 1:52 am

by mscruse

Hi all.

I'm looking to implement LDAP for a client, but there is one question I can't find the answer for.

When a user is logged in (authenticated via LDAP) will they be able to edit their profile to update their password and email address (if I create a menu item link to Edit Profile)???

Many thanks
Michael.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Jun 05, 2015 3:43 pm

by lekankou

Hello all and mainly mscruse !

I'm a user of the version1 of jmapmyldap and I just installed the version2 because I want the members of my site can modify their own passwords and e-mail.
With the plugin 'LDAP - Password' I can modify the password in the LDAP from the site but I can't modify my e-mail.

I have the plugin 'LDAP - Group Mapping' published and in 'Shmanic LDAP: Host Config' I have specify the LDAP attribute.
The group mapping works when I log into my site (from LDAP to Joomla) but I can't modify (from Joomla to LDAP) only password modification works.

Is it possible to modify email from the site to the LDAP ?
how and where ?
With the plug-in 'LDAP - User Creation' or 'LDAP - Injection' (or somewhere else) ?

@mscruse : did you find how to do this ?

Please help me, I need help !!

Thank you for your answer(s) and sorry for my bad english (I'm french...).

Have a nice week-end !

LeKankou

Re: JMapMyLDAP - LDAP for 3.4

Project
I m working a project on joomla 3.4.1 for a University that wants that users will never register from joomla default registration. I m playing from localhost in an apache server. the site its not in the airt at the moment to give u access...
(so i have set from joomla user configuration the allow user registration to No .)

only the existing ldap users will login to the site and automatically will be created in the registered joomla user group...that is the main aim!!

I hope u understand so far...

My problem is that i m not familiar with the ldap and the configuration of your amazing component.

I was wondering if you can help me and any help would be really appreciated...

Data,
for testing i have an ldap server that i m connecting through Apache Directory Studio see attached files 1 , 2 and 3...

Please some help cause i dont know what to do...

thank you in advance ,,

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Jun 12, 2015 9:54 pm

by mbeck_mic

Hi there,

I've inherited an existing Joomla installation which works for the most part. It juses JMapMyLDAP to connect to our Active Directory. We use it for an employee roster. We have groups for location, function and level.

Here is the problem: We added a new location. It is the only location that shows an n/a in the results when I look at the roster. I have the mapping list set up correctly as near as I can tell... the entry is CN=SITE_CW:73, where SITE_CW is our new location and 73 is the Joomla group number. I can see the group being filled by Joomla in AD.

When I go and look at a person in the roster, it does not show that it has properly switched the employee over to the new location - it still shows the old location.

Does anyone have any suggestions as to what is going on?

Thanks in advance,
Michael

Re: JMapMyLDAP - LDAP for 3.4

Project
I m working a project on joomla 3.4.1 for a University that wants that users will never register from joomla default registration. I m playing from localhost in an apache server. the site its not in the airt at the moment to give u access...
(so i have set from joomla user configuration the allow user registration to No .)

only the existing ldap users will login to the site and automatically will be created in the registered joomla user group...that is the main aim!!

I hope u understand so far...

My problem is that i m not familiar with the ldap and the configuration of your amazing component.

I was wondering if you can help me and any help would be really appreciated...

Data,
for testing i have an ldap server that i m connecting through Apache Directory Studio see attached files 1 , 2 and 3...

Please some help cause i dont know what to do...

thank you in advance ,,

try this

LDAP V3 : Yes
User DN / Filter : uid=[username]

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Jul 31, 2015 9:25 am

by SoulmatJF

Hi,

I'm using JMapMyLdap (it works, impossible to work in LDAPS, so we were forced to use LDAP protocol...) and we always have a error message at the backend. After logging with local admin joomla, i'v got the error message saying me "Failed to find LDAP user" at the backend page.

How could i just make an exception for this local account in order to avoid the LDAP checking on it ?

Thank you very much for helping !

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Oct 08, 2015 2:02 pm

by katarrah

Hello,
i have some problems with the configuration of the LDAP.
I get the error "[0] No attributes found for test user."

The Login is working but i cant assign the usergroups in J! with the group mapping plugin.
I think its because of the error in the ldap config.

Can someone give me a hint how to get it work?

Re: JMapMyLDAP - LDAP Password Change J3.4.4

Posted: Tue Oct 13, 2015 10:12 pm

by lacinfosys

Hi ShMaunder,

Are you the developer of shmanic LDAP for Joomla?

I just have a quick question and sorry to hijack this post for LDAP Group Mapping but I don't know how to get your attention if I create a new topic. Unless of course if you are one of this forum's administrator.

Anyways, we were able to install and make Shmanic LDAP v2 working with AD with LDAPS (quite a config to make it work properly). Now we're stuck with making the password change work properly with current password injection enabled. I keep on getting:

(50) Insufficient Access

But if I turn off Current Password Injection, I am able to change my password. For security purposes, we'd like to ask the user to enter Current Password before changing it.

Question is:

Does the Proxy User needs to have a read and write access to the Active Directory?
- If Yes, I tried to use a server administrator account but I am getting the same error.

Any suggestion?

Thanks,

Jackson

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Mon Nov 09, 2015 9:00 pm

by pcproffitt

JMapMyLDAP Profile Plugin question:

Per Github information I successfully created a profile that works. The information on github seems to indicate that there should be / can be a language file associated with the profile. The profile goes in a directory defined in the plugin. But nothing seems to indicate where to put the language file. I've tried the obvious and not so obvious. I've tried:

Directories:
[my defined path for the profile as defined in the plugin as the base]
language/en-GB/
administrator/language/en-GB

Filenames: (for reference assume the profile is named 'my profile' in the plugin)
profile.ini
en-GB.profile.ini
en-GB.plg_ldap_profile.ini

Anyone successful in using a language file with the profile defined in the profile plugin?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Fri Jan 29, 2016 4:43 pm

by k3f59

Hello,
I try to run the SSO with Joomla since yesterday but it doesn't work.
When the sso is on, if I connect to my site I get a 500 error.
Looking at the httpd error_log, I have this message:
PHP Fatal error: Class 'SHLdap' not found in /var/www/html/joomla/plugins/sso/edirldap/edirldap.php on line 97
To connect I use http://myserver/joomla/index.php?nosso=2
The ldap modules and managing group work well.
I use CentOs with Joomla 3.4.8.
Could someone help me?
Thank you

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Feb 25, 2016 12:47 pm

by gabriel_nazario

I use Joomla version 3.4.8 and the Shmanic component version 2.0.3.1. I also have a user base in AD (Active Directory) accounting for nearly 13,000 users. Out of these, the majority is mapped in the group “Registered” in Joomla and, besides the standard groups of Joomla, I have some groups with different access levels to the back-end (users are mapped using the plugin “LDAP – Group Mapping 2.0.3.1”).

Everything was going fine, but a few days ago I started facing problems with some users’ login. When they try to login (either in the back-end or in the front-end) the screen is updated, but the login doesn’t actually take place, i.e., the user remains unlogged, even after typing the right user and password. It occurs with just a few users randomly; whereas others in the same group are able to login normally. Moreover, no message of error or warning, indicating the reason for the action not to occur, appears.

As an attempt to find the cause of the problem, I decided to take the user out of the AD group it belonged and place him/her in a group mapped for “Super User”. This way, he/she could login. After that, I took the user back to his/her original group and the login kept failing.

The log files do not show any errors. On the contrary: they present the attempts to login as successful. The attached log files (ldap.debug.php, ldap.error.php, ldap.info.php) show the messages displayed for the users that could not login.

Any ideas of what might be happening? Has any other user reported similar problems?

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Mar 10, 2016 12:01 pm

by joshuatan17

Hi Shaun & Everyone,

I like to find out from you some info regarding your extension.

1) Multiple AD Servers Authentication
There are 3 different AD servers each with different sets of users. If I enter all of them in the LDAP configuration, will it work?

2) I have a site running on Windows 7 with XAMPP. If I can enable sspi, will SSO work for/from windows desktop users?

3) If I transfer the site to a RedHat server, may I know what is needed for SSO to work?

Your fast response is highly appreciated!

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Tue Apr 12, 2016 10:29 pm

by Avastor

I'm having a problem logging off SSO.

For example: on my first login... I login as an admin, then logout as an admin, then login as a different user/non-admin, then logout as the different user, but then I am automatically logged back in as an admin.

When I logout of any other account, I want to be completely logged out; I do not want to be logged in as my first SSO login. Is this possible? Thank you.

Edit: Something interesting I discovered. When I append index.php?nosso=2 at the end of my URL, then logout, I am completely logged out (not sure if I have to be on a different page from my login form for this to work). I am not sure if this the correct or easiest way though.

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Thu Apr 14, 2016 11:36 am

by intranet_admin

Hi everyone,

Currently all of my users are pulled via JMapMyLDAP from Active Directory into Joomla. By default, they are assigned to the Registered group and any other groups specified. More recently, I tried to set up a higher level access than Registered - let's call it Guest. The idea was to open up some pages of our otherwise private website to some of our suppliers. I then changed default access to the site to Guest as well as all relevant menus/modules. Using a test account (not linked via JMAP), this worked.

However, now I've set up JMAP to pull in appropriate users into my new user group (and I was hoping, access level); I've realised that all users are assigned to the Registered access level by default and therefore the new 'Guests' can see everything assigned to the Registered user group (even though I have not specified that they should be able to view this access level in their user group settings).

My question: Is there a way of changing the default user group that users are assigned to when pulled in via JMAP to a higher level than Registered? Otherwise I'm thinking I'll need to create a new user group underneath Registered, switch everything on the site to that and then use Registered as the default Guest access. Which would be a very long process!

I'm sure there's a way - any help/advice much appreciated .

Thanks, Sophie

Re: JMapMyLDAP - LDAP Group Mapping for 1.6 / 1.7

Posted: Wed Aug 10, 2016 1:45 pm

by dav_plan

Hello,

We are currently installing an intranet within our company.
To be more specific, joomla 3.6.2 on linux (centos)

Our users will connect via LDAP SSO on joomla

We installed the JMapMyLDAP plugins for LDAP and SSO
Ok for LDAP authentication, it's ok.

But, for SSO, you can not make it work.
In the logs we have: "No detection SSO plugins found"
While the plugin is correctly installed with the user key and the username replacement.
If we test dummy via, authentication is ok with in the logs:
"Successfully detected user" username "using SSO plug-in PlgSSODUmmy"

Re: JMapMyLDAP - User Filter

Posted: Fri Feb 03, 2017 2:01 pm

by pehu

Hello,

I'm going to use this plugin. I configured the LDAP Host successfully.
It is an openldap server (ubuntu).
The user filter is '(memberof=cn=joomla,ou=groups,dc=domain,dc=tld)'.
If I test/debug the ldap configuration, the debugging output says:

Attempting to get users using the All User Filter...
Found 3 users.

This is valid. I can log in as an user who is in this group. Ok.
But I can also log in as an user who is not in the group. This
is not right. Which configuration option prohibit this?